You're right that FIM assumes the possibility of compromise, but that's exactly the point - it's a detection control, not a prevention control. Prevention (read-only mounts, immutable bits, restrictive permissions, etc.) is necessary but not sufficient. In practice, attackers often find ways around those measures - for example, through misconfigured deployments, command injection, supply chain attacks, or overly broad privileges.
File Integrity Monitoring gives you a way to prove whether critical code or configuration has been changed after deployment. That’s valuable not only for security investigations but also for compliance.
For example, PCI DSS (Payment Card Industry Data Security Standard) explicitly requires this. Requirement 11.5.2 states:
"Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical content files, configuration files, or system binaries."
Sure, a "sufficiently advanced" attacker could try to tamper with the monitoring tool, but (1) defense in depth is about making that harder, and (2) good implementations isolate the baseline and reports (e.g. write-only to S3, read-only on app servers), which raises the bar considerably.
> Hospitals led by doctors outperform those run by non-medical managers. Universities, business schools and academic departments led by good scholars outperform those that are not. The best sports teams – using data from 15,000 basketball games and 60 years of Formula 1 racing – are led by great former players or run by racing specialists.
IMO, Resumes attempt to solve a problem that precedes what some consider the actual hiring process: the need to quickly screen thousands of candidates.
Unfortunately, this approach has flaws. The person doing the initial screening may not have a deep understanding of the role and is often working with secondary information. This can sometimes lead to them becoming gatekeepers, filtering based on superficial criteria (like career gaps, job switches, etc)
IMO, resumes, while ideally intended as experience summaries, often function as gatekeeper proxies, filtering candidates based on arbitrary criteria rather than actual potential. Unfortunately, I too can't think of a good alternative solution that can scale well.
File Integrity Monitoring gives you a way to prove whether critical code or configuration has been changed after deployment. That’s valuable not only for security investigations but also for compliance.
For example, PCI DSS (Payment Card Industry Data Security Standard) explicitly requires this. Requirement 11.5.2 states:
"Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical content files, configuration files, or system binaries."
Sure, a "sufficiently advanced" attacker could try to tamper with the monitoring tool, but (1) defense in depth is about making that harder, and (2) good implementations isolate the baseline and reports (e.g. write-only to S3, read-only on app servers), which raises the bar considerably.